Message-ID: <20070224101100.13806.qmail@securityfocus.com>
Date: 24 Feb 2007 10:11:00 -0000
From: simon.itsecurity@...il.com
To: bugtraq@...urityfocus.com
Subject: Photostand_1.2.0 Multiple Cross Site Scripting
Photostand_1.2.0 Multiple Cross Site Scripting
Vendor site : http://www.photostand.org/
Global risk : medium
XSS
-----
+ Permanent
The message and name fields are vulnerable to XSS attacks. This kind of XSS
is pretty dangerous, because anyone who views the page will get their cookie
stolen and sent to the attacker.
+ Non-permanent
index.php?page=search&q=<script>alert(document.cookie)</script>
Full Path Disclosure
-----------------------
Sending the cookie "PHPSESSID='" will return the full path of the file.
GET /photostand_1.2.0/ HTTP/1.0
[...]
Cookie: PS_STATS_VT=true;PS_STATS_VR=true;PHPSESSID=';style=[blahblah]path=/
[...]
/photostand_1.2.0/index.php?page=article&id=' returns the full path too.
Solutions : www.php.net/htmlentities
regards,
Simon Bonnard
contact : simon.itsecurity - at - gmail - dot- com
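
Added example, not part of the original post and not Photostand's own code: one way to apply the htmlentities() fix to the reflected q parameter and the stored name/message fields, and to keep malformed PHPSESSID and id values from producing path-revealing warnings. The function names h, session_cookie_ok and render_comment are hypothetical, and it is assumed that id is numeric and that the path leak comes from PHP warnings shown in the response.

```php
<?php
// Added example: hypothetical handlers, not Photostand's own code.
ini_set('display_errors', '0'); // send warnings to the log, not the page
ini_set('log_errors', '1');

// Encode untrusted text for HTML body or quoted-attribute output.
function h(string $value): string
{
    // ENT_QUOTES covers ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the session cookie is absent or shaped like a PHP session id.
function session_cookie_ok(array $cookies): bool
{
    $name = session_name(); // "PHPSESSID" by default
    if (!isset($cookies[$name])) {
        return true; // PHP will issue a fresh id
    }
    return is_string($cookies[$name])
        && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $cookies[$name]) === 1;
}

// Stored name/message fields are encoded at output time, on every render.
function render_comment(array $row): string
{
    return '<p><b>' . h($row['name']) . '</b>: ' . h($row['message']) . "</p>\n";
}

if (!session_cookie_ok($_COOKIE)) {
    http_response_code(400); // reject before session_start() sees the value
    exit;
}
session_start();

// index.php?page=search&q=... : reflect the query only after encoding.
$q = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
echo '<p>Results for: ' . h($q) . "</p>\n";

// index.php?page=article&id=... : accept integers only (assumed numeric).
$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
if ($id === false) {
    echo "<p>Unknown article.</p>\n";
}

// Constructed sample row standing in for a stored guestbook entry.
echo render_comment(['name' => '<b>x</b>', 'message' => 'a "quoted" <i>note</i>']);
```

Encoding at output rather than at storage keeps already-stored entries safe as well, since every render passes through h().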